Hi, I am trying to avoid setting proxy server on every machine on my network. I am hoping that directing the 80 traffic through DG (8081) on mce server will help me do this. MCE server is the DHCP server for all my nodes on the network and sits between the DSL router and my internal network.

You would need to add an outbound NAT/PAT to translate any outbound traffic on port 80 to port 8081 on a fixed local IP address. The firewall rules page is only for creating inbound rules, so you cannot create the rule you need, as merkur2k says. You will likely also have other issues doing this as well, unless Dansguardian supports a full "transparent" proxy mode (which is different from a normal explicit proxy).

I think you will find it much easier just to set the proxy on your machines! Are you aware that if they are all Windows machines, it is very easy to create a Local Group Policy Object once on each machine, that will automatically set/reset/fix the proxy settings for every user that logs on? So even if a new user comes along and logs on to one of those machines for the first time, they will automatically get the correct proxy (and any other settings you want as well).

Seriously guys! For the sake of setting a _single_ IP address _once_ on each PC (less than a 2 min task) and walking away and never thinking about it again.... you are building a "sledgehammer solution"!! More working parts, code and resources consumed on your core for absolutely no purpose whatsoever.

Colin, I respect your experience, but there are times when you most definitely want transparent proxy. My rig will be one of those times.

In my case, 2 reasons:-

1) I have portable devices which are used at home and elsewhere (work etc.) I don't want users (even me, because I'm lazy) to have to turn the proxy on and off according to location.
2) I have teenagers. They want to push the boundaries. They are becoming more computer literate by the day. I take parenting responsibly and want to protect them from the worst of the web (and protect it from them!). If it's a local setting, they will attempt to bypass it.

A solution to 1 is to allow the mobile machines to bypass the proxy, but without a lot of complicated filters etc, this negates 2. A solution to 2 is to block all direct web access to the outside world, but that makes 1 a problem.

I also speak as a former kid with an apparent IQ of 147, which puts me above average....

I am not trying to shirk my responsibilities as a parent and get the technology to do it for me. Just get it to help me. There are several types of "protection" I am talking about here...

1) My eldest (15) has been caught (and appropriately dealt with) sharing inappropriate material with his younger siblings (in this case 12 and 10). They wouldn't go looking for it, but if "big bro" shows them....
2) I have found lists of (very worrying) websites in the kids' notes brought back from school (not, I hasten to add from teachers, but other, older, kids).
3) I have visited perfectly innocent websites, or followed links from normal sites like the msn homepage and within a few clicks been confronted with hardcore porn, violence etc. I don't want the same for my kids. It isn't always about deliberate abuse!

My approach is many and varied..

a) Education. We talk to the kids about the 'net and how there are bad people out there. We discuss the dangers of revealing personal information and so on.
b) Supervision. We keep an eye on what they do. We cannot, however, watch them every second. If we have logs we can access, we do look at them, just to be certain. (The kids know this, it isn't a case of spying on them.)
c) Securing. This is where the whole proxy stuff comes in. Part of a larger home policy.

The simple fact is, we live in a world now where it is common to have multiple computers in the home. Kids at Primary school (=Elementary school) are using the 'net as part of their daily schoolwork. We can either embrace it and make it as safe for them as possible, or we can be Luddites, bury our heads and refuse access, or only allow it under very close supervision. I believe in taking controlled risks, but the key word here is controlled.

Kids today already suffer from a lack of the freedom we enjoyed. How many parents would be happy for their 9 year old to leave the house at 9:00am with no knowledge of where they were going and no way of contacting them or knowing when they would be back? The expectation being that around 8:00pm is fine? Yet that's exactly what happened when I was a kid, and it was normal! Already, we insist they take their mobiles, we insist we know exactly where they are, etc etc. This is quite right as we live in a dangerous society, but it's sad that we need to wrap them in cotton wool this way.

Yes, the 15-year old will try to work out how to get around it, he may succeed. But hopefully, not for a while and hopefully he will be caught before he shares the information with his younger siblings. Certainly, I don't expect my 4-year old to be happily playing on the cBBC website and then suddenly asking why that lady isn't wearing any clothes.

I'm not asking for anyone to agree with me. You may see me as a terrible parent for allowing my kids access to the 'net, or a terrible parent for trying to control it. Frankly, I don't care. The key thing is, however, please respect my right to parent as I see fit. And that means security on my network, using something like Dan's Guardian and transparent proxying!

I draw your attention to the topic of this thread, and specifically the reasoning that OP had for doing this. This is who I am responding to. Your comments came later, and are for a purpose other than the original discussion.

My comments, on this topic, still stand. Anybody could produce a set of circumstances that validate an approach, but if they do not relate to the topic at hand, then they are something of a red herring!

That being said, Thom has dealt with your point 2 - irrespective of local or remote, both are circumventable and securable. Point 1 is not really valid - proxies can easily be set as failover, and in the case of GPOs the LGPO is always applied first... for that very purpose. So if you set this in your LGPO, a corporate office GPO would override any LGPO... the point being that when a device is at home, it will automatically get your home settings, and when in an office environment these will be overridden by the corporate settings... transparent... so no issue there.

I respect your comments and apologise for straying from the original topic.

The thread was already drifting from "How do I perform transparent proxying" to a lot of people (yourself in particular) saying you don't want to. I was responding in that vein. My last post was specifically in response to Thom's. He is known to have strong views on some things and is, more often than not, correct. In this case I don't believe he is.

You are correct, if GPOs are an option. At my work, they don't use them on the domain. Nor at my wife's. Even if they did, I also use my laptop from hotel rooms when I'm off the corporate 'net but don't want a proxy.

Whilst you may not agree with my justification, the overriding principle that transparent proxying is a valid requirement stands. I started monitoring (then becoming involved in) this thread as I'm hoping it will lead to a working solution for me and anyone else who similarly wants to do it. For others to drone on about it not being required is, at best, patronizing and rude. I see no reason for a lot of the features of MCE, particularly for me, but I don't criticize others for wanting them. I don't think it would be productive for me to continue justifying why I want to do this - I believe that I (and anyone else in my position) should be able to do it without enduring unnecessary criticism.

Sometimes people are asking for something which is just plain wrong and asking for trouble. (I want my MCE box to be a workstation and not a router etc.) but in this case, I believe there is a valid reason for those of us who want it to pursue a solution.

I'd like to echo gadget in asking anupindi007 to post his config / put a howto on the wiki.
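
The port 80 to 8081 redirect this thread is about, as an added example that is not from any poster in the thread: a dry-run script that prints iptables NAT rules for a filter running on the gateway itself. The interface name, the IP addresses and the exemption list are assumptions; the rules cover plain HTTP on port 80 only and presume the filter accepts transparently redirected requests, as raised earlier in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Prints iptables rules that transparently
# redirect LAN web traffic to a filter listening on the gateway itself.
# Assumed values: interface name and all IP addresses are constructed.
LAN_IF="${LAN_IF:-eth1}"            # assumed LAN-facing interface
GW_IP="${GW_IP:-192.168.80.1}"      # assumed LAN address of the gateway
PROXY_PORT="${PROXY_PORT:-8081}"    # filter port named in the thread
EXEMPT="${EXEMPT:-}"                # space-separated client IPs to leave unfiltered

valid_ipv4() {
  case "$1" in ""|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do [ "$octet" -le 255 ] 2>/dev/null || return 1; done
}

build_rules() {
  # Values end up in a command line, so reject anything that is not plain data.
  case "$LAN_IF" in ""|*[!A-Za-z0-9._-]*) echo "bad interface" >&2; return 1 ;; esac
  case "$PROXY_PORT" in ""|*[!0-9]*) echo "bad port" >&2; return 1 ;; esac
  valid_ipv4 "$GW_IP" || { echo "bad gateway address" >&2; return 1; }
  pre="iptables -t nat -A PREROUTING -i $LAN_IF -p tcp --dport 80"
  # 1. Requests for the gateway's own web pages are not proxied.
  echo "$pre -d $GW_IP -j RETURN"
  # 2. Exempt clients skip the redirect (order matters: first match wins).
  for ip in $EXEMPT; do
    valid_ipv4 "$ip" || { echo "bad exempt address: $ip" >&2; return 1; }
    echo "$pre -s $ip -j RETURN"
  done
  # 3. Everything else bound for port 80 is handed to the local filter port.
  echo "$pre -j REDIRECT --to-ports $PROXY_PORT"
}

# Default is a dry run; pass --apply (as root) to load the rules.
case "${1:-}" in
  --apply) rules=$(build_rules) && printf '%s\n' "$rules" | sh ;;
  *) build_rules ;;
esac
```

Because the rules sit in PREROUTING on the LAN interface, the filter's own outbound requests from the gateway are not redirected back into it.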